package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

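/**
 * Login-check demo showing that a {@link PreparedStatement} with bound parameters
 * is not affected by a classic SQL-injection string.
 *
 * <p>The SQL text is a constant with two {@code ?} placeholders. The values are
 * supplied separately through {@code setString}, so the quote characters in the
 * second value are passed as data and cannot change the structure of the WHERE
 * clause. The query therefore returns a row only if a stored password is literally
 * equal to that text.
 *
 * <p>Binding protects values only. Table names, column names and keywords cannot be
 * bound as parameters; if any of those ever become dynamic, they need an allow-list
 * instead of string concatenation.
 *
 * <p>NOTE(review): the query compares the {@code password} column directly with the
 * supplied value, which suggests passwords are stored in clear text; confirm against
 * the schema. A production login would look the user up by username only and verify
 * a salted, slow password hash (bcrypt/scrypt/argon2) in application code. The
 * {@code password} column is also selected but never read here.
 */
public class JDBCDemo7 {
    /**
     * Runs the query with a fixed username and an injection-style password, then
     * prints whether any row matched.
     *
     * @param args unused
     * @throws RuntimeException wrapping any exception raised while obtaining the
     *     connection or executing the query
     */
    public static void main(String[] args) {
        // Constant statement text: no user-controlled data is concatenated into it.
        String sql = "SELECT id,username,password,nickname " +
                "FROM user " +
                "WHERE username = ? AND password = ?";

        // The statement and result set are closed explicitly by try-with-resources
        // instead of relying on the driver to release them when the connection closes.
        try (Connection connection = DButil.getConnection();
             PreparedStatement ps = connection.prepareStatement(sql)) {

            ps.setString(1, "1");
            // Bound as a plain string value; this is what prevents SQL injection.
            ps.setString(2, "1' OR '1'='1");

            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    System.out.println("登录成功！！！");
                } else {
                    System.out.println("登录失败！！！");
                }
            }

        } catch (Exception e) {
            // Keep the original cause so the failing JDBC call stays visible.
            throw new RuntimeException(e);
        }
    }
}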
